W3C home > Mailing lists > Public > public-tracking@w3.org > April 2013

Re: DNT: Agenda for April 10 call

From: Justin Brookman <justin@cdt.org>
Date: Tue, 09 Apr 2013 17:26:26 -0400
Message-ID: <51648782.2010701@cdt.org>
To: public-tracking@w3.org
Who is presenting the language on user interface?  The group had 
previously agreed that the degree of specificity on user agent 
presentation of DNT options should also be mirrored in presentation 
requirements for exception requests. So if we're requiring "clear and 
conspicuous" presentation and an explanatory link for turning DNT on in 
the first place, we're also going to have to require the same for 
parties seeking to get permission to ignore a DNT:1 signal.

Justin Brookman
Director, Consumer Privacy
Center for Democracy & Technology
tel 202.407.8812

On 4/9/2013 4:59 PM, Peter Swire wrote:
> (Very roughly, first half on compliance spec and second half on TPE spec.)
> ---------------------------
> Administrative
> ---------------------------
> *_1. Confirmation of scribe_*– glad to accept volunteer  -- no 
> volunteer thus far.
> *_2. Offline-caller-identification: _*
> If you intend to join the phone call, youmusteither associate your 
> phone number with your IRC username once you've joined the call 
> (command: "Zakim, [ID] is [name]" e.g., "Zakim, ??P19 is schunter" in 
> my case), or let Nick know your phone number ahead of  time. If you 
> are not comfortable with the Zakim IRC syntax for associating your 
> phone number, please email your name and phone number to npdoty@w3.org 
> <mailto:npdoty@w3.org>. We want to reduce (in fact, eliminate) the 
> time spent on the call identifying phone numbers. Note that if your 
> number is not identified and you do not respond to off-the-phone 
> reminders via IRC, you will be dropped from the call.
> ---------------------------
> Compliance Spec – Peter Swire
> ---------------------------
> __
> *_3. User education/ User interface. _*
> *Proposed Text:*
> *5. User Agent Compliance*
> A user agent /MUST/ offer a control to express a tracking preference 
> to third parties. The control /MUST/ communicate the user's preference 
> in accordance with the [/TRACKING-DNT/ 
> <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT>] 
> recommendation and otherwise comply with that recommendation. A user 
> agent /MUST NOT/ express a tracking preference for a user unless the 
> user has given express and informed consent to indicate a tracking 
> preference.
> While we do not specify how tracking preference choices are offered to 
> the user or how the preference is enabled, each implementation MUST 
> follow the following user interface guidelines:
> 1.     The User Agent is responsible for determining the user 
> experience by which a tracking preference is enabled. For example, a 
> user might select a check-box in their user agent's configuration, or 
> install an extension or add-on that is specifically designed to add a 
> tracking preference expression so long as the checkbox, extension or 
> add-on otherwise follows these user interface guidelines;
> 2.     The User Agent MUST ensure that the tracking preference choices 
> are communicated to users clearly and conspicuously, and shown at the 
> time and place the tracking preference choice is made available to auser;
> 3.     The User Agent MUST ensure that the tracking preference choices 
> accurately describe DNT, including the parties to whom DNT applies, 
> and MUST make available via a link in explanatory text where DNT is 
> enabled to provide more detailed information about DNT functionality.
> Non-Normative:
> The User Agent plays a key role in enacting the DNT functionality. As 
> a result, it is appropriate for the User Agent to play an equally key 
> role in describing DNT functionality and educating users about DNT in 
> order for this standard to be meaningful.
> While the user interface guidelines do not specify the exact 
> presentation to the user, they are intended to help ensure that users 
> understand their choices with respect to DNT. For example, outlining 
> the parties (e.g., First Parties, Service Providers, Third Parties) to 
> whomDNTapplies and using language that a reasonable user is likely to 
> understand is critical for ensuring that users are in position to 
> provide their informed consent to a tracking preference.
> Moreover, as DNT functionality is complex, it is important that User 
> Agents educate users about DNT, including but not limited to offering 
> a clearly described link that takes the user to additional information 
> about DNT functionality. For example, given that some parties may 
> chose not to comply with DNT, it would be helpful for browsers to 
> educate users about how to check the response header and/or tokens to 
> see if a server is responding with a “public commitment” of compliance.
> Finally, recognizing that DNT settings may be set by non-browser User 
> Agents acting in violation of the user interface guidelines, the 
> browsers should take reasonable steps to ensure that DNT settings are 
> valid.
> *_4. ACTION-373: Append._*  Text proposed by John Simpson and Alan 
> Chapell, with concurrence by Jeff Chester. Clarifications to list in 
> emails by John Simpson April 8 and Peter Swire April 9.Peter Swire 
> circulated a background memo on April 9.
> /Normative: /
> /When DNT:1 is received:/
> /-- A 1st Party MUST NOT combine or otherwise use identifiable data 
> received from another party with data it has collected while a 1st Party./
> /-- A 1st Party MUST NOT shareidentifiable data with another party 
> unless the data was provided voluntarily by the user and is necessary 
> to complete a business transaction with the user./
> /-- A Party MUST NOT usedata gathered while a 1st Party when operating 
> as a 3rd Party./
> /Non-Normative: /
> When DNT:1 is received, a 1st Party retains the ability to customize 
> content, services, and advertising only within thecontext of the first 
> party experience. A 1st party takes the user interaction outside of 
> the 1st party experience if it receives identifiabledata from another 
> party and uses that data for customization of content, services, 
> oradvertising.
> When DNT:1 is received the 1st Party maycontinue to utilize user 
> provided data in order to complete or fulfill a user initiated 
> business transaction such as fulfilling an order for goods or a 
> subscription.
> When DNT:1 is received and a Party has become a 3rd Party it is 
> interacting with the user outside of the 1st Party experience.  Using 
> data gathered while a 1st party is incompatible with interaction as a 
> third party.
> Chris Pedigo gave five examples on data append in September, 2012, 
> which are useful to consider in light of the proposed language:
> http://www.w3.org/2011/tracking-protection/track/actions/229
> ---------------------------
> TPE Spec – Matthias Schunter
> ---------------------------
> *_5. Restructuring the response indicators._*We currently discuss 
> thefollowing three fields:
> - Optional Prefix "!" (I do not conform and I do not claim that 
> whatever letters follow this sign are correct)
> - Tracking Status
>    1, 3, ...
> - Permitted uses:
>    C(onsent), ...
> *_6.ISSUE-187 Discuss Site Requirements Consent_*
> One general concern related to exceptions in general was that sites 
> register exceptions while neither the browser (in the old model) nor 
> the site (in the new model) gather consent in a reliable way. Our 
> current TPE spec states in Section 6.3.1:
> The call to store an exception /MUST/ reflect the user's intention to 
> grant an exception, at the time of the call. This intention /MUST/ be 
> determined by the site prior to each call to store an exception, at 
> the time of the call. (This allows the user to change their mind, and 
> delete a stored exception, which might then trigger the site to 
> explain, and ask for, the exception again). It is the responsibility 
> solely of the site making the call to determine that a call to record 
> an exception reflects the user's informed consent at the time of the call.
> Jonathan proposed these three requirements that refine this language 
> and that I would like to gather feedback on:
> 1) Actual presentation: The choice mechanism MUST be actually 
> presented to the user.It MUST NOT be on a linked page, such as a terms 
> of service or privacy policy.
> 2) Independent choice: The choice mechanism MUST be presented 
> independent of other choices.It MUST NOT be bundled with other user 
> preferences.
> 3) No default permission: The choice mechanism MUST NOT have the user 
> permission preference selected by default.
> (Fromhttp://lists.w3.org/Archives/Public/public-tracking/2012Apr/0004.html 
> )
> *_7. Steps towards the next working draft._*
> Discuss what needs to be updated before publishing our next TPE 
> working draft.
> I have previously preferred distinguishing "who I am" from "how I am 
> operating", and I feel that have C and ! as 'status' indicators rather 
> than qualifiers means that I can no longer tell whether I am 
> interacting with someone who adheres to 1st or 3rdparty constraints.So 
> I agree, rather than C or ! as the first character, I think that
> 1C -- content produced under first party rules with consent
> 3C -- third party under 3rd party rules with consent
> *_8. Announce next meeting & adjourn_*
> ================ Infrastructure =================
> Zakim teleconference bridge:
> VoIP: sip:zakim@voip.w3.org <file://localhost/sip/zakim@voip.w3.org>
> Phone +1.617.761.6200 passcode TRACK (87225)
> IRC Chat: irc.w3.org <http://irc.w3.org/>, port 6665, #dnt
> *****
> Professor Peter P. Swire
> C. William O'Neill Professor of Law
>  Ohio State University
> 240.994.4142
> www.peterswire.net
Received on Tuesday, 9 April 2013 21:26:57 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:09 UTC